Every decision we've made since day one of our design and product development has been about keeping the CLM as simple as possible for our users. Speed and ease drove everything we've done, and still do.

The CLM is integrated directly in the tools developers use today – developers are not forced to learn a new tool or leave their natural work environment to design, develop and build their applications. Sonatype has heavily invested in an intuitive graphical user experience, setting the standard for application development and security solutions. This graphical approach meets the needs of multiple constituents and ensures effective collaboration between development, security, legal, and IT teams.

Sonatype relies on a best practice approach for installation, configuration, and training. We recommend an iterative approach that can be tailored to meet the needs of your organization, your people, and your applications. Sonatype provides multiple services and training opportunities that range from self-service options to full-fledged good component practice design and policy definition.

The combination of the Sonatype CLM design approach plus the Sonatype services offering ensures optimal value with minimal investment.

"If you can’t make it simple, you can’t make it secure."

Sonatype Customer, Insurance Provider

Get Started Yourself

Sonatype has options that will allow you to experience CLM on your own, on your schedule.

Repository Security and License Analysis

Developers turn to your repository manager as a primary source for components. Do you know what components are in your repository, components used by your development teams every day? Are those components exposing you to license and security risk? By making use of the Repository Health Check (RHC) in Nexus, customers can assess the health of their repositories and receive concrete recommendations that lead to better visibility and control of open source usage.

Application Security and License Analysis

Ultimately it’s about protecting the applications that run your business. Do you know if your key applications have security, licensing or quality issues? Sonatype will analyze your application composition for security vulnerabilities and licenses that expose your organization. The Sonatype CLM helps prevent problems and allows you to quickly remediate flaws early in the development lifecycle. Find out what is in your applications right now with an Application Health Check.


Help From Sonatype

Sonatype expertise helps you realize immediate value and we help you increase the value of your investment over time.

Repository Setup Review – Free, Complimentary Service for Nexus Pro Customers

Are you an existing Nexus customer looking to expand to a complete component management approach? Before investing additional time and money in Nexus, Sonatype will review your configuration and help you optimize your Nexus implementation. Meet with a Sonatype expert to review, validate and improve your repository approach. This one-hour review and Q&A will ensure that you are positioned for success.

Enterprise Application Architecture, Security and License Analysis

Would you like to have visibility into, and management of, your organization’s open source, proprietary, and third-party component usage? We will work closely with your Open Source Software Board (Architecture, Legal, and Security) to define a policy representative of your risk tolerance. Working within your infrastructure, we will work with your team to configure up to 100 projects for component analysis and will provide detailed analysis of security, legal, and architectural issues. A scorecard highlighting potential risk areas and recommendations for follow-on actions will be provided. We will provide a 90-day CLM license to allow developers to remediate issues with a supported IDE.

CLM Quick Start

Get started quickly with Sonatype CLM to improve your use of open source and proprietary components. We will help you understand and optimize your processes so you can make the best use of Sonatype CLM. We’ll also train you to install, configure and run the tools as well as analyze the results. This service, a mix of consultation and training, is strongly encouraged for all new CLM customers.

CLM Policy Creation

Creating a detailed policy that represents organizational risk tolerance is the best way to achieve the maximum value for developers, security, compliance and the Open Source Software Board. We will hold workshops with the policy stakeholder(s) to uncover the existing manual component approval process for architectural, security, and licensing issues. The rules that govern the manual approval process will be converted to CLM policies, and new policies will be created for identified policy gaps. We will mentor your team in the creation of a policy and enforcement point strategy that will result in an enterprise CLM configuration that is representative of organizational risk tolerance.